Future City Summit: IoT, E-Commerce, and Data Privacy

No comments

Today, I spoke on the “Global Development and Resilience” panel at the Future City Summit, which covered the issues of privacy regulation and governance in the contexts of emerging smart cities and the Internet of Things (IoT), autonomous vehicles, and logistics and supply chains. The panel was led by Sabine Reppert (Intent-X), and joined by Prof. Dr. jur. Christopher W. Stoller (Steinbeis Transfer-Centre, International Transportation), Dr. Eric Tsang (Applied Science and Technology Research Institute), and Samuel Wempe (Nutonomy).

Privacy is a highly relevant topic in contemporary times, especially where data privacy is concerned (now that data is the new oil), given the ubiquity of sensors and the permanence of online data. The topic frequently hits the headlines. Long before Cambridge Analytica, Facebook had been in trouble over tracking users after logging out via cookies. In China, Baidu chief, Robin Li, was under fire in March 2018 for privacy comments about Chinese consumers being “happy to give up their data privacy for online convenience or efficiency under many circumstances,” as reported by the People’s Daily.

There are a number of familiar arguments for and against more privacy protection. The arguments for stronger privacy protection  include its limits on the powers of government and the data controller and processor. It’s about respecting individuals and affording them agency to manage their life and reputation, basic freedoms of thought, speech, and social and political activities. It is also fundamentally about trust, social boundaries, and their implications on one’s ability not having to explain or justify oneself and on one’s ability to change and have second chances.

Privacy is often pitted against the values of (a) security and (b) convenience. “You’ve got nothing to hide if you’re not doing anything wrong,” for example is an argument that has its own Wiki page. In the commercial context, many have argued that trading in privacy for better services is quid pro quo. Certainly, there are different contexts when one value prioritizes over another. For example, counter-terrorism and law enforcement efforts might require a temporary suspension of privacy protections. Moreover, consumers might consent to the use of their personal data or waive their privacy protections for the purpose of obtaining more expedient e-commerce transactions or the use of IoT around their homes.

On the panel, I tried to provide concrete examples of privacy problems in the public and private spheres. Privacy matters in the legal system. Hong Kong has it enshrined as a constitutional right under Article 30 of the Basic Law. We also have enacted the Personal Data (Privacy) Ordinance. Similarly, Articles 37 to 40 of the Constitution of the PRC embody the protections of individual freedom, privacy and dignity, and there are Chinese laws governing cybersecurity and data protection that safeguard personal privacy. In reality, privacy expectations differ between mainland China and Hong Kong. There are also stark contrasts in views toward privacy between Millennials and older generations. Data security goes hand in hand with data protection and data privacy, and data incidents are no longer “ifs” but “whens” for most corporates.

At work, I have to regularly address the issues of data protection across different Asian jurisdictions. These issues can become rather complex in cross-border legal proceedings, where data access, collection, processing, and storage could potentially impinge more than one set of data protection, data privacy, and/or data sovereignty laws and regulations. It is critical for companies to maintain a robust global compliance program with strong cybersecurity safeguards.

The panel concluded with calls from the panelists on deeper discussion around how we should address novel privacy issues arising from new technologies. It was apparent that we need test-beds and sandboxes to try out new forms of regulation. Privacy is also a perennial subject, and in discussing privacy matters, we should always be aware of the background cultural, economic, and social factors.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.